The purpose of this page is to provide awareness to individuals and organizations that are leaking information and the information of their customers. The entities listed on this site are verified to be leaking personal information sometimes without the company even being aware. SLC Security is now owned and operated by Jigsaw Security Enterprise. We are currently in process and as such this blog will eventually be taken offline and merged with Jigsaw Security resources.

Sunday, February 22, 2015

Over the course of the last few days we have been seeing a ton of traffic being exfiltrated to 101 Ave of the Americas, 10th Floor (registrations in Whois and through some other utilities in our stack). When checking these hosts it appears as though they are mostly porn hosting and cloud computing computers. As we researched more we started finding certificates with strange references to legitimate Government organizations.

Would these people be so stupid as to use real certificates on fake sites to collect data from suspects and users? In addition these same nodes are Tor exit nodes, meaning that traffic on Tor could be sniffed as it exits the network.

A little more research is needed but it appears as though some of these hosts are being disguised, albeit poorly, to look like porn sites and other web servers when in fact their true purpose is not known. One IP that is sticking out in the ordeal is 37.139.6.7. This IP is showing up in all sorts of indicators and is also being picked up by multiple sensors on the Internet as Tor, Malicious, SSH Attacking, etc.

Due to the nature of businesses being attacked from this IP and a few others that we are not currently disclosing it appears as though this is a concerted effort to get into the infrastructure of some heavy industry to include Healthcare, Communications Companies as well as Intelligence providers.

We will be keeping an eye on this and will let you know if anything changes as we are monitoring for any traffic to these hosts and alerting our SOC to review immediately.

Analyst Notes:
We are seeing an increase in US colleges and Universities that may be
related to recent hacking activities previously noted. While we have
attempted to contact as many organizations as we can we have noted that
many have not acknowledged the activity even though some data has been
seen on Darknet and some forums.

In addition some recent Twitter activity shows that some of these
hackers are posting specific information that was able to be verified.
Many Universities have chosen not to report such issues.

The main attack vector at these organizations was mostly SQL injections
according to the Twitter post. Specific intelligence is available by
subscribing to our intelligence services. In addition we have started noting strange traffic on DNS ports specifically UDP 53 from some of these organizations.

Wednesday, February 18, 2015

We were just reading a report from Emerging Threats concerning the development and frequent changes and variations to these malware products. What this indicates is that the malware is under active development making it extremely difficult to catch all the variants.

Monday, February 16, 2015

Last night our security engineers noted some very interesting things happening with our sensors. After midnight some coordinated attacks that we have been seeing for weeks suddenly dropped off. We have not seen a single attack since midnight yesterday.

This is highly unusual since we have been under sustained attacks since 2005. What this may indicate is that the organized attackers are starting to realize that by attacking our infrastructure they are denying themselves access to many other targets. You see by attacking us you allow us to send out updates to thousands of Internet users thereby protecting them from attack.

Only time will tell if this strange, eerie silence continues. Keep in mind though, Mr. Attacker, that we have visibility on thousands of endpoints and we will continue to protect our customers regardless of who you decide to attack. If we see it, we will block you, end of story!

Now that's a headline that will just reach out and grab your attention. The obvious question here is why did they do it and, secondly, what will they be using that money to finance? Pay attention friends, things are getting very interesting these days.

Wednesday, February 11, 2015

DARPA has publicly presented for the first time a new set of search
tools called Memex which will improve also researches into the “Deep
Web”.

In 2014, the U.S. Defense Advanced Research Projects Agency (DARPA)
launched the MEMEX project to design advanced search tools that could
also be used to scan the deep web, which isn’t indexed by Google and other commercial search engines.

The Memex search engine was started to allow search of not indexed
content, an operation that in the majority of cases is still run
manually by Intelligence Agency.

Long-awaited central repository for cyber threat information and intelligence created by The White House.

The concept of a federal government-led center for coordinating cyberthreat
intelligence has been discussed by the Obama administration for some
time, and that concept became a reality yesterday when the White House
announced the formation of the Cyber Threat Intelligence Integration
Center (CTIIC).

That's all fine and dandy but how do we integrate with this initiative? The last Google search we did showed NOTHING!

Starting on 1 March 2015 SLC Security Services LLC will be moving our public indicator feeds to a paid subscription model. What this means is that if you are currently using our Indicators of Compromise you will be required to obtain and maintain a subscription and eligibility. The subscription model will allow organizations of any size to subscribe to the service at an affordable rate and allow our company to add analysts to improve the service. We have been providing these indicators free as a public service for 3 years this coming March so it's time to improve our service offerings.

Subscription Pricing:
There are 4 levels of pricing and each level will require your organization to maintain eligibility for whatever pricing tier you are obtaining service.

Tier 1 (Non Profit - Research Tier): Free IOC's for use by not for profit organizations, associates, Government and small business users. Will require registration and a one time verification as well as a service agreement.

Tier 2 (Small End User): A nominal charge in which you will receive our SLC Security Client application license for use on up to 5 individual workstations or servers.

Tier 3 (Business Restricted Users): Business users with more than 5 individuals will be charged per user for access to our advanced indicators, SLC Security Client application (for workstations and servers), email alert service and access to formatted feeds for Fireeye, Symantec, Crowdstrike, Palo Alto Firewalls, IP Tables, Snort as well as several other platforms.

Tier 4 (Enterprise Site License): This model is designed for large corporations and entities that want to deploy and protect an unlimited number of workstations. In addition to the Tier 3 service you will also be provided with plugins and the SLC Connect middleware to allow your internal machines to mirror our IOC data, threat bulletins, blog and RSS post. You will also be granted access to our OSINT-X research platform for full text documentation. We will also provide additional services based on your contract terms to include 1 annual audit with full reporting and 16 hours of on site training to cover topics of interest with your security staff.

We will be phasing in this paid service over the next few weeks so please pay attention to our media outlet(s) and look for the subscription information.

Twitter Request from the NSA top 1.9 Million Account Request
UPI posted a story today on the 190 million users on twitter stating that the NSA has requested the information on less than 1% of Twitter users. So that means they have received information on 1.9 million Twitter accounts. That's a little different than stating 1% huh?

US to unveil new Cyber Security Agency
The U.S. government is creating a cybersecurity agency that will monitor
and share information about threats against the government and private
businesses in the wake of high-profile cyberattacks at Sony Pictures,
Anthem Inc. and several major retailers.

NCTC director who is now executive vice president at Leidos, a national security contractor.

CyberCaliphate at it again
The Twitter feeds of Newsweek and veterans' group Military Spouses of
Strength were hacked Tuesday morning by a group identifying itself as
CyberCaliphate, the same organization that was confirmed to have hacked
the twitter account for U.S. Central Command earlier this year.

Anthem Breach Prompts New York To Conduct Cybersecurity Reviews

Meanwhile, Anthem victims are now being harassed by scammers trying to collect even more personal information.

All of this at a time when we need to share information more than ever.

In the wake of news-making attacks on Sony Pictures, Home Depot and
many others, the federal government is establishing a new information
integration center to focus on cyber threats. The center will analyze
intelligence contributed by several agencies, along with the private
sector, a model that will face some serious hurdles.
The proposed Cyber Threat Intelligence Integration Center will fall
under the Office of the Director of National Intelligence and it will
not be responsible for actually gathering any threat intelligence.
Rather, it will serve as an aggregation point for information collected
by intelligence agencies and, the Obama administration hopes, private
companies.

Note: Please tell me on one hand you are looking to share information and the other hand you are increasing the penalties without excluding research and development? Doesn't make sense to our team.

With the recent Anthem incident it goes without saying that organizations need to share information to protect other entities from similar attacks. In the case of Anthem the information has been shared with only 2 organizations and the information being put out by commercial vendors is incomplete and in some cases completely inaccurate. What we are seeing is that many people are making guesses as to what the actual threat is.

It seems like this recent issue and with the Sony issue that in both cases the information coming out of the analysis of these events is being withheld from commercial security vendors. This does nothing to protect others that may face similar attacks. It should be noted however that the attackers in this case have moved on to other attacks.

This is a concerted effort to infiltrate many businesses and Government. As of yet we have not seen any real and meaningful cooperation between Anthem, Sony or the Government. If they really wanted to protect the masses clear and concise information would be put out for everyone.

This leads me to believe that nobody really knows the exact methods. I can tell you that there are zero day attacks being used as well as a known browser flaw that is not being fixed by vendors. If hackers know about it and vendors choose to ignore it there is really nothing the average person can do to protect themselves from the threats that loom.

I have predicted that the educational space will be the next to have issue based on what we have seen. Because of this we will offer educational institutions access to our blocklist in the hope that some will be proactive and save themselves some embarrassment. There have been several attackers on Twitter posting educational information and much of the stolen information is available on Darknet and being shared between hackers.

This open sharing initiative that everybody speaks of is non-existent and probably will not come to pass. It's a shame really as there is power in numbers. We need a distributed protection system that can incorporate actual information between vendors in near real time. Until this happens we will continue to see disinformation. In addition the naming conventions between commercial products are horrible and confusing and interoperability between companies is horrible as well.

The additional malware being seen that is NOT being tracked by any of the major vendors was previously posted.

Monday, February 9, 2015

Hard to Tackle Malware being used in University Breaches:
Many security professionals including our company have been warning Universities of activity that indicates a large scale problem on their networks. Many of the Universities have chosen to ignore the issue. Earlier today at one of our client sites we saw for the first time a malware that was running completely in memory and that is not detected by any of the major anti-virus products. The malware is currently being studied but it appears to be related to earlier reports of activity that we have been picking up on our sensors. We believe that the malware probably will be used to perform further damage in the future. We have submitted the memory dump to several anti-virus vendors and are awaiting additional details.

Companies Doing One of Two Things:
Either companies that we are notifying are acknowledging issues or they are quietly cleaning their issues. We noted several of the Universities originally on our University post that have since dropped off our sensors so that's good in that they are no longer infected. The bad part is that they may not know what information has been stolen or damaged on their respective networks. So companies or entities are either acknowledging they are in over their heads or covering it up completely.

We have been seeing a ton of screen lockers lately. Just today one of our customers called and stated that they believe the FBI has locked out a machine. Upon inspection of course it's just a run of the mill screen locker claiming to be the FBI. I can tell you that the FBI would not tell you to go and get a moneypak to pay for unlocking your machine. In fact the FBI would just come and get the machine to perform forensics and be done with it.

When you see this message it is NOT the FBI. :-) Read r0cket's malware blog to learn how to remove the infection.

We are currently researching some really interesting routing anomalies on the Internet. It seems that not only is the Great Firewall of China doing some really interesting things to Chinese users but some really strange routing has been taking place on the US east coast the past few days.

Could be coincidence but we don't think so. Funny how some of these sites are doing redirects to phishing sites as well. Tell me again why we allow China to have root servers again?!

Friday, February 6, 2015

Take our big data analytics training and learn how to make sense of data in your enterprise. Learn how to connect the dots, build out your own OSINT intelligence mapping system, link analysis and lots more. Classes are being scheduled for the summer and customized training is available...

Analytics in action...

Private training available at your location or ours... Learn how to make sense of the data in your enterprise and beyond!

We wanted to let the readers know that we are working on a collaboration with several security providers to provide our intelligence products to help improve situational awareness against threats to infrastructure. We are currently working on integrating our data sources into several open source and commercial products to help make the security landscape of individual computer users (home users), business users (corporate users) and Government entities.

Stay tuned in the coming weeks as new service offerings are provided to existing commercial products and open source software and hardware products. Here are some of the things we are working on in the lab.

Threat Feeds to Commercial Products - We will provide a list of products soon

Threat Feeds to Open Source - Integration with Snort and Linux based systems as well as the release of our SLC Security Platform for Windows machines (coming spring 2015)

Bulletin Service where we send out flash alerts directly to customers via the security platforms that we manage to include our OSINT-X platform and OSINT-X security appliance

Open integration of our products (build a solution with our data)

Security alert mailing list (Active now - You can subscribe from our website and blogs)

There will be much more coming so stay tuned.... And have a great weekend.

Frederick High School and West Frederick Middle School in Maryland were closed February 5
following a February 4 shooting outside the high school gymnasium during a
basketball game that left 2 students injured.

Phone service restored in Forest Grove area
after outage affects more than 1,200 customers. Phone service was restored
to areas of Washington County after an outage that was reported by Frontier
Communications February 4 kept customers in the areas of Gales Creek, Glenwood,
and Tanner Creek from using a landline to call 9-1-1

For the third time in two weeks, Adobe has issued an emergency security update for its Flash Player software to fix a dangerous zero-day vulnerability that hackers already are exploiting to launch drive-by download attacks.

Seriously consider disabling this until Adobe gets their issues resolved... You may be waiting a while with this one.

Utilizing our cloud based computing platform we are able to see attack information as it happens in real time. We are able to monitor Dark Net, Usenet and OSINT sources for relevant information concerning the activity of hackers and cyber criminals. We have been warning companies and advising them on what to look for but they don't seem to take our warnings seriously. And months later we read about issues in the news once they finally figure out that we were right in the first place.

It has happened numerous times in the past and will happen in the future unless these entities take our alerts seriously. Companies are too busy looking at their perimeters to really get an understanding of what is really taking place. All too often the information is available to indicate a problem because once a site is breached typically other attacks are launched from that same infrastructure to other organizations. Using link analysis between companies and attacks that are being reported is a smart way to connect the dots folks. These technologies exist for a reason and as systems evolve they get better and better at predictive analysis based on past activity.
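The link analysis described above, sketched as an added example (not SLC Security's code or data): the organization names and events are constructed placeholders, and the event tuple layout is an assumption. It flags organizations that were attacked and later show up as an attack source, and follows those hops forward in time.

```python
from collections import defaultdict
from datetime import date

# Constructed sample sensor reports: (date, source_org, target_org, activity).
# Every name here is a placeholder, not a real organization.
EVENTS = [
    ("2015-01-02", "clinic-c", "univ-a", "smtp-probe"),
    ("2015-01-05", "ext-actor-1", "univ-a", "sqli"),
    ("2015-01-12", "univ-a", "univ-b", "ssh-bruteforce"),
    ("2015-01-13", "univ-a", "clinic-c", "smtp-probe"),
    ("2015-01-20", "univ-b", "telco-d", "ssh-bruteforce"),
    ("2015-01-21", "ext-actor-2", "telco-d", "web-probe"),
]


def parse(events):
    """Return events as (date, src, dst, kind) tuples in chronological order."""
    return sorted((date.fromisoformat(d), s, t, k) for d, s, t, k in events)


def shared_sources(events, min_targets=2):
    """Sources reported by at least min_targets distinct organizations."""
    targets = defaultdict(set)
    for _, src, dst, _ in parse(events):
        targets[src].add(dst)
    return {s: sorted(t) for s, t in targets.items() if len(t) >= min_targets}


def likely_pivots(events):
    """Organizations seen attacking others after they were themselves hit.

    This is the pattern in the text: a breached site's infrastructure is
    reused against further victims. Attacks a source launched before its own
    first recorded hit are ignored, so event order matters.
    """
    first_hit = {}
    pivots = defaultdict(set)
    for day, src, dst, _ in parse(events):
        if src in first_hit and day > first_hit[src]:
            pivots[src].add(dst)
        first_hit.setdefault(dst, day)
    return {org: sorted(t) for org, t in pivots.items()}


def downstream(events, root):
    """Organizations reachable from root along hops that move forward in time.

    Returns {org: date first reached}. One chronological pass is enough
    because each hop must be strictly later than the hop that reached its
    source.
    """
    reached = {root: date.min}
    for day, src, dst, _ in parse(events):
        if src in reached and day > reached[src] and dst not in reached:
            reached[dst] = day
    del reached[root]
    return reached


if __name__ == "__main__":
    print("seen by several reporters:", shared_sources(EVENTS))
    print("attacked, then attacking:", likely_pivots(EVENTS))
    for org, day in downstream(EVENTS, "ext-actor-1").items():
        print(f"reachable from ext-actor-1: {org} (from {day})")
```

An organization in the `likely_pivots` output is a candidate for a breach notification even if it has reported nothing itself.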

We sincerely hope you start putting the pieces together because the time of breach until there are actual notifications are usually around 12 months out. Anthem just caught the problem in 4 months but that means that they are better than average at detecting the problem but not stopping it.

If any of these companies took their security seriously they would consider utilizing big data to highlight problems before they are nightmares for the companies involved.

Quite honestly our team of volunteers are extremely good at detecting issues but we simply do not have the resources to do our analysis on a large scale. If we had the funding and additional resources we could certainly assist with these investigations but as of now we will continue to do large data analysis and warn the companies that we note as having problems in the hope that at some point a company will notice that we are way ahead of the "average" and help us get to a place where we can really be effective and assist law enforcement in containing these issues and actually finding the entities responsible for these data breaches. Until that happens we will continue to research, blog and watch from the sidelines.

If the Government were to really fund the cyber security initiatives and get private industry to bring technologies that work to market we could be a much bigger help in these cases but until that happens we will sit back and watch.

It's a shame really.

So here's what we suggest to help prevent these large breaches in the future. Stop withholding data when it comes to cyber security. Provide a clearinghouse where we can report issues and use the indicators of compromise that we have developed. I'm sorry but 95% of the technologies in use are reactive. You need analytics that can find trends and identify suspicious activity over the entire Internet connected infrastructure.

Until we have a view of the entire Internet we are confined to our own little LAN connected world and chances are somebody has already infiltrated your infrastructure. If you want to wait 12 months while they steal your data be my guest or hire us to come in and get rid of the badness and save yourselves some major embarrassment.

Later this week we will for the first time ever compile a list of all of the organizations that we are more than 80% confident have issues that need to be addressed. Our system is reporting on real world attacks and since we report on these attacks we are a major target. One good thing about being a target is that it forces attackers to show the infrastructure that they are using to attack us (and many others). Using this data we can quite quickly build out a clear picture of bad activity being directed at us and others.

Have a great week and we look forward to working with the ones that value their security posture.

Wednesday, February 4, 2015

We knew ahead of time but waited until the CEO of Anthem made a public statement. The Anthem breach will prove to be one of the biggest breaches in Healthcare history. The breach is being investigated by the FBI and several large news organizations leaked information on the breach prior to an official announcement earlier today.

We will make this a sticky post and follow the developments.

2/4/2015: Official Notification Came Out Today but was preceded by news media leaks of details.
2/4/2015: WSJ appears to have been the first news media organization to break the story.
2/5/2015: DataBreaches also posted information they have compiled here.
2/5/2015: Major News continues to report on the issue.
2/5/2015: LA Times reporting really specific information on the case.

From the LA Times:
Suspicious activity was first noticed and reported Jan. 27. Two days
later, an internal investigation verified that the company was a victim
of a cyber attack, the company said. The unauthorized access to the vast
database goes back to Dec. 10.

Cybersecurity analysts warned that
the thieves may attack Anthem again using the employee data they took.
Anthem said it’s working to strengthen security and identify any
potential gaps.

“It is highly possible that they are preparing for
another attack, such as a social engineering or phishing attack, that
may give them access to systems that they were unable to reach,” said
Tom DeSot, chief information officer of cybersecurity firm Digital
Defense Inc. in San Antonio.

From Krebs:
Bloomberg reports that U.S. federal investigators probing the theft of 80 million Social Security records and other sensitive data from insurance giant Anthem Inc.
are pointing the finger at state-sponsored hackers from China.
Although unconfirmed, that suspicion would explain a confidential alert
the FBI circulated last week warning that Chinese
hackers were targeting personally identifiable information from U.S.
commercial and government networks.

See http://pastebin.com/9Lu68fMi to see if your account is compromised.

2/3/2015: Reached out to the organization to get additional detail.

2/3/2015: Received the following response.

We are actively investigating and will follow-up shortly. Please feel free to contact me directly should you have further requests for information.

2/3/2015: Additional intelligence being collected on this incident from third parties. Our network security operations center is collecting relevant claims and information from Darknet and third party data providers. Noted additional detail. If calling in to obtain information reference INC2015-005.

Yeah hackers are changing their tactics. Like I said last week while everybody is concentrating on the network hackers are actively using hardware and physical attacks. Read my original post here.

If you want a firm that can actually find problems and not just give you a false sense of security contact our SOC by email to schedule a no obligation audit. If we don't find problems you don't pay...

We have seen everything you can imagine over the last 25 years. Cell phones are still one of the biggest threats as they are cheap, can be untraceable and have long battery lives but attacking corporations is even easier since they rely on old technologies that are not even checked during most audits. Our audits are complete and concise and when you companies realize that we can actually give you peace of mind instead of just talking about it give us a call and let us prove to you that security is our main business.

Hey guys you may want to check out your systems because we have been seeing attacks from you all day. As some of you know, the fact that we report on breaches in advance of some people really causes them to get angry. Either this law firm is owned by hackers or they have hired hackers to try and infiltrate our infrastructure.

It started out as simple SMTP probes but we are starting to see web server probes. We hope you like playing with our honeypot systems because that's what you're hitting folks.

Next time please try and do your homework before blatantly just attacking what you think is our infrastructure. Thanks and have a great day.

Maybe you didn't like us reporting on the Texas A&M activity or some other such nonsense but this is a free country, we have data to back up our claims so if you want to play this game please by all means let's do this...

I would love to be able to put out all of the information we have and then charge you for your resource usage today since it was so extensive and you achieved absolutely NOTHING!

We have noted an uptick in the number of brute force and email probes from MIT and Harvard. In addition we have noted that Boston University, Hampshire College and Harvard are all on our blocklist due to malicious activity. MIT is involved with cyber security and has partnerships with the Government for research so this may explain why we are seeing an uptick on our sensors and reported attempts to compromise email accounts.

The UMass Memorial Medical
Group is working with law-enforcement personnel after it learned a
former employee allegedly accessed private patient billing information
that contained credit-card and debit-card numbers, Social Security
numbers, and birth dates, according to hospital personnel.
Anthony Berry, the director of media and public relations for
UMass, said the group is continuing to work with law enforcement, but
there is "nothing concrete" to report yet.

Analyst Research: We have checked our OSINT-X system and have not seen any traffic from UMass on our sensor network. This may indicate that the issue was localized. If we note any activity we will update the blog with additional information.

Tuesday, February 3, 2015

D-Link’s popular DSL2740R wireless router is vulnerable to domain
name system (DNS) hijacking exploits that require no authentication to
access its administrative interface.

According to Todor Donev of the Belgian security firm Ethical Hacker,
a number of other D-Link routers are affected by this bug as well,
particularly the DLS-320B. PCWorld is reporting
that the vulnerability exists in a widely deployed piece of router
firmware called ZyNOS, which is developed by ZyXEL Communications
Corporation.

The troubling part of this issue is that it appears as though this and a few other bugs are allowing law enforcement to monitor the activities of individuals utilizing this hardware. We previously reported on similar vulnerabilities with Linksys hardware that allows similar interception without the end user being aware and allows Cisco to monitor customer usage of devices. For this reason we do not allow Cisco or Linksys hardware in our secured networking environment.

Seeing indicators that this entity has been breached for over a month and does not realize it. It appears as though their infrastructure is being used to launch further attacks on other educational institutions.

They also appear on Emerging Threats for malicious activity since at least the 11th of December, 2014. You would think these large organizations would do something to get themselves off the blacklist but as of today we are still detecting malicious activity.

Update: Our sensors are still seeing traffic originating from Texas A&M and they still have not closed off the vulnerable systems. Seeing additional reports from additional locations that they are being attacked by this entity. Over 200+ external IP's are reporting attempted breaches and brute forces from the Texas A&M network.

Monday, February 2, 2015

One of the recurring issues that we are seeing on audits is the lack of knowledge on physical attacks to infrastructure. Most of the companies we are working with do not check the physical path of network connections as well as security systems. We have seen many companies that are either ignoring physical attacks or they feel as though they are not important. It should be noted that while you're watching your network, attackers are building hardware, buying hardware and exploiting things such as your cameras, network security appliances, security systems, networks and communications systems such as telephone and hard wired infrastructure.

Find out today if hackers can bypass your defenses. Email SLC Security Services LLC SOC and ask for a free no obligation security audit. The findings are confidential. Let us show you why our audits are the best in the industry.

During a recent review of some incidents being covered by databreaches.net I was able to do some additional research and confirm that even as recent as an hour ago that information is still being offered in the underground community. In addition server IP addresses owned by the organization are attacking other colleges and universities in the US and elsewhere.

In Addition:
The following organizations are also compromised.
Illinois Institute of Technology
Northwestern University

Sunday, February 1, 2015

The British government has selected Northrop Grumman to provide it with
engineering, development and other cyber-security solutions services.

Solutions under the seven-year framework contract, which was
competitively awarded, will specifically support data security and
information assurance.

"As a long-standing partner with the U.K. government, we are
proud to have been selected to support the security of their digital
domain and the protection of its citizens," said Kathy Warden, corporate
vice president and president, Northrop Grumman Information Systems.
"With more than 30 years of cyber-security expertise that has been
developed and deployed around the world, we look forward to continuing
our work with some of the brightest industry and academic minds to
deliver world class operational performance, scaled to the mission, and
to increase our U.K.-based workforce that will support cyber innovators
of the future."

It should also be noted that other companies were involved in the bidding and have been awarded contracts, but Northrop Grumman is the only company to publicly acknowledge the contract award.

If you're monitoring infections and malware traffic, it goes without saying that banking targets are high on the priority watch list. I'm making this prediction based on intelligence that we are seeing in the SOC. Let's see how this plays out.

My prediction is that the following banks are gonna get nailed by Tinba:

1. Suntrust

2. Regions Bank

3. Credit One Bank

4. Netteller

5. TD Bank

6. JP Morgan Chase

7. PNC Bank

8. RBC Bank

Since this campaign is targeting customers, there is little that the banks can do to stop it. Most of the issue is being caused by anonymous proxies and some very interesting MITM traffic.

About SLC Security

The driving factor in our decision to provide this service to consumers is the growing cost of cybersecurity defense and notification systems. We are providing an RSS feed of content as a public service. It is our policy to release the full details of data breach information only to the company or entity that was the target of the breach or attack. If you need assistance researching the source of the breach or leak, please visit SLC Security Services LLC to obtain assistance.

NOTICE: All information posted to this blog is derived from open source intelligence systems developed by SLC Security Services LLC. The OSINT-X platform is available via subscription and via a paid RSS feed. The OSINT-X system only maintains 90 days of data, but this timeframe may and will change without notice depending on the amount of data we are processing. We also provide a delayed RSS feed that may not contain all feed sources. The public RSS feed is on the right-hand side of this page and is provided without charge. The moderators of this site are all volunteers and are not paid for their services. If your company needs a TSCM sweep or vulnerability assessment, feel free to contact us through the contact form on this page or call us at (717) 831-TSCM to schedule an audit.

NOTICE: Starting in January 2015 we will only discuss issues on the blog or in our feeds with the clients directly. We receive upward of 200 calls per day requesting information. It is impossible for our volunteers to field that number of calls and still get our work done. While we would love to help every person who calls, remember that we are a for-profit business and answering calls takes time. If we are not busy you may get in touch with us. The best approach is to email us at soc@slcsecurity.com instead of calling. Please include your name, telephone number and a brief reason for the call or communication and we will get back to you as soon as possible, time permitting.

About this Page

The purpose of this page is to provide awareness to individuals and organizations that are leaking information and the information of their customers. The entities listed on this site are verified to be leaking personal information, sometimes without the company even being aware. We will include information on what type of information is being leaked, but we will not release the methods by which the information is being leaked unless we are under non-disclosure agreements with the organization. Any information we release on this site will be scrubbed to protect the information source and to ensure that the person or persons being affected are not further harmed by the disclosure of their personal information.

Before a breach is reported here, it is reported to the entity affected, and we normally wait at least 5 days for a response. We only post disclosures when there has been no response from the organization, when it involves confirmed leaks, or when we can verify that the security issue has not been resolved by the organization. Certain items will remain on the blog if they are a major release or if new information is being posted frequently concerning the incident.

We do NOT maintain data on the leaked information as we would not want to create a second incident. Reports are submitted by security researchers, patients, clients, corporations and through open source identification as well as through passive monitoring of open source systems and proprietary algorithms.

The information on this site is provided by SLC Security Services LLC, a leading cyber security and investigation company located in Raleigh, NC. If your company appears on this list and you would like additional information, you may contact us by mail at 2664 Timber Dr Suite 342 Garner NC 27529, by email via the contact form available at www.slcsecurity.com, or by phone at (717)831-8726.

The Stats

Reporting Stats are available upon written request.

Please report all known security issues to soc@slcsecurity.com. We will review each report manually whenever possible. Please note that not all reports will be published to the disclosure list. Also you can specifically request that the data NOT be posted during your submission.

RSS OSINT-X Feed

Feed delayed 30-60 minutes. Not all sources we monitor are in this RSS feed. This feed contains mostly news sites but does not include IRC, Darknet or File Dump site monitoring that our commercial products monitor for your organization. This feed is limited in scope. For full access you must be a customer under a service contract. If interested in a full service contract call (919)441-7353 to inquire about pricing and services available.